Security Features and Benefits

FunnelEnvy is built on a robust cloud security infrastructure that is certified against industry best practices and standards. When you send your organization’s data to us, you can rest assured that your data, and your customers’ data, is protected. We’re compliant with multiple regulations and standards, including ISO 27001, the EU General Data Protection Regulation (GDPR), and the Privacy Shield Framework. Best of all, our security scales with you – no matter how much data you send to our cloud infrastructure, it’s always protected.

Infrastructure Security

FunnelEnvy is entirely built within the Amazon Web Services (AWS) Cloud, which provides several security capabilities and services that increase privacy and security.

AWS operates an extremely robust compliance program that spans multiple domains, each with its own set of requirements and best practices. For more information, we recommend referencing their compliance documents.

We leverage AWS’ network and web application firewall capabilities to tightly control access to our networks, servers and applications.

As an AWS user, FunnelEnvy and its customers benefit from high levels of availability and resilience, thereby ensuring reliability and protection against threats such as Distributed Denial-of-Service (DDoS) attacks.

Encryption

To prevent unauthorized access to data, FunnelEnvy uses full end-to-end encryption, which includes encryption for data in transit and at rest.

All traffic between your web browser, FunnelEnvy’s servers, and third party integrations is encrypted with at least 256-bit AES encryption.

All data stored in FunnelEnvy’s data warehouse is fully encrypted at all times.

To ensure business continuity, FunnelEnvy maintains internal processes with strict Recovery Time Objectives (RTOs). We test our internal processes on a regular basis by holding simulated Business Continuity Exercises.

Compliance and Certifications

In order to maintain the highest levels of trust in our security and privacy policies, procedures and implementation, FunnelEnvy conducts internal and external audits on a regular basis to ensure continuous compliance with multiple legal, regulatory and contractual obligations, as well as industry standards.

ISO 27001

FunnelEnvy maintains an active, ISO 27001-certified Information Security Management System (ISMS) for its operations. The ISO 27001 standard specifies security management best practices and comprehensive security controls, and requires the development and implementation of a rigorous information security program. ISO 27001 is a widely-recognized international security standard which specifies that FunnelEnvy:

Systematically evaluates its information security risks, taking into account the impact of threats and vulnerabilities.

Designs and implements a comprehensive suite of information security controls and other forms of risk management to address security risks.

FunnelEnvy’s ISO 27001 auditor and registrar is A-LIGN. A certificate of registration is available upon request.

Privacy Shield

FunnelEnvy is a member of the EU-U.S. and Swiss-U.S. Privacy Shield Frameworks. These frameworks were designed by the U.S. Department of Commerce, the European Commission and Swiss Administration to provide organizations on both sides of the Atlantic with a mechanism to comply with data protection requirements when transferring personal data from the European Union (EU) and Switzerland to the U.S. in support of transatlantic commerce.

GDPR

The E.U. General Data Protection Regulation (GDPR) is key piece of E.U. legislation that strengthens and standardizes data protection laws for all individuals within and traveling inside the European Union. FunnelEnvy is fully committed to implementing and honoring all aspects of the GDPR, which includes the following key changes:

Expanded privacy rights for individuals: data subjects within the E.U. have the right to be forgotten and the right to request a copy of any personal data stored in their regard. FunnelEnvy maintains internal processes to ensure that it can remove and/or export any customer or data subject’s personal data upon request.

Responsibility to implement appropriate security: organizations subject to the GDPR must implement appropriate security controls and policies, to include the completion of privacy impact assessments, records on data processed and held, and strict management of vendors. FunnelEnvy completes all of these activities under its ISO 27001-certified Information Security Management System (ISMS).

Profiling and monitoring requirements: the GDPR stipulates strict security and privacy rules on organizations engaged in profiling or monitoring of E.U. individuals. FunnelEnvy is fully compliant with all GDPR profiling and monitoring requirements.

IP Anonymization

As IP addresses could be considered personal data, FunnelEnvy allows you to easily anonymize IP addresses by removing the last octet of your visitors’ IP address before storing event data.

Non-Consent Mode

FunnelEnvy allows for a non-consent mode of operation whereby website visitors who have not given consent will not be associated with personal data.

Data Processing Addendum (DPA)

This addendum includes all required terms for GDPR compliance, plus Standard Contractual Clauses which serve as a safeguard to govern transfers of personal data out of the EU/EEA/Switzerland.

Vulnerability Disclosures

FunnelEnvy’s steadfast commitment to security necessitates that it investigates all reported vulnerabilities. If you would like to report a vulnerability or have a security concern regarding FunnelEnvy’s services, please contact our team at [email protected]. Along with your email, please provide any supporting material (code, system or tool output, etc.) that will help us to understand the nature and severity of the vulnerability. Our team will review the submission and will respond with next steps.

The information that you share with FunnelEnvy as part of this process is always kept confidential. It is not shared with third parties without your permission.

Contact the Security Team

Want more information about FunnelEnvy’s privacy and security? Contact our team at [email protected].